Please sign in

Privacy Policy

Breakthrough Privacy Policy

Breakthrough Behavioral, Inc. (“Breakthrough”) knows
that you care about how your personal information is used and shared and takes
your privacy seriously.

Breakthrough
is an e-health platform that we offer to connect patients with our network of
affiliated mental health professionals (“Treatment
Providers”) to obtain online counseling and therapy services. “Treatment Providers” includes
employees, agents, or independent contractors of Treatment Providers. “Breakthrough” or the terms “we” or “us” or similar terms refer to Breakthrough Behavioral, Inc. “You” or “your” or similar terms refer to you as a user of our Services
(defined below).

THIS
PRIVACY POLICY IS BOTH AN AGREEMENT HEREBY ENTERED INTO BY YOU AND BREAKTHROUGH,
AND THE POLICY OF BREAKTHROUGH IN MAKING THE SERVICES AVAILABLE TO YOU.

1. Our
Promise to You.

We
know you are entrusting us with some of your most personal and valuable
information, including your personal health information. Your trust is built,
in part, on our commitment to respect the privacy and confidentiality of your health
information. We are committed to safeguarding and protecting your personal
information, including health information.

We
are providing this Privacy Policy to inform you of our policies and procedures
regarding the collection, use, and disclosure of the information that we
collect and receive from users of our e-health platform at and through our
website, www.breakthrough.com (the “Site”).

The
Breakthrough e-health platform includes, without limitation, the following
services (collectively, the “Services”):

(a)
the facilitation of electronic
or telephonic communications with Treatment Providers,

(b)
the provision of
appointment scheduling and reminders, claims submission and processing, and other services
related to online counseling and therapy for both our registered users and Treatment
Providers, and

(c)
the provision of other
information about Breakthrough and our products and services through the Site.

This
Privacy Policy applies only to information that you provide to us through the
Services. Unless otherwise defined in this Privacy Policy, terms used in this
Privacy Policy have the same meanings as in our Terms of Service [website link to Terms of Service] (the “Terms”).

By
accepting our Privacy Policy during registration, or by visiting the Site and/or
using the Services, you expressly consent to our collection, use, and
disclosure of your Personal Information (as defined below) in accordance with
this Privacy Policy.

As
used in this Privacy Policy, the terms “using”
and “processing” information include
using cookies on a computer, subjecting the information to statistical or other
analysis, and using or handling information in any way, including, without
limitation, collecting, storing, evaluating, modifying, deleting, using,
combining, disclosing, and transferring information within our organization or
among our affiliates or with Treatment Providers within the United States or internationally.

2. Collection
and Use of Information – In General.

When
using our Services, we will ask you for certain personally identifiable
information. This refers to information about you that can be used to contact
or identify you, and information on your use or potential use of the Services
and related services (collectively, “PersonalInformation”). Personal Information
that we might collect would include things like your name, phone number, gender,
occupation, hometown, personal interests, credit card or other billing
information, your email address and the email address of your contacts, home
and business postal addresses, website URLs,
insurance data (such as your insurance carrier and insurance plan), certain health information (such as health care providers you have seen, your reason for scheduling an appointment with a Treatment Provider, and your medical history), and any other information or data that you provide when using the Services. We also collect information you provide voluntarily in free-form text boxes on the Site and through responses to surveys, questionnaires and the like. If you communicate with us by, for example, email, facsimile or letter, any information provided in such communication may be collected as Personal Information.

The
main reason we collect Personal Information from you is to provide you a safe,
smooth, efficient, and customized user experience. The collection of Personal
Information also enables our users to establish a user account and profile that
can be used to interact with Treatment Providers and other users through the Site. We only collect
Personal Information we consider important to achieve that goal.
You always have the option not to provide some, or any, Personal Information by
either choosing not to become a registered user of the Services, or else by
skipping the particular feature of the Services for which the Personal
Information is being collected. You can use some of the Services anonymously,
but once you become a registered user of the Services, we will ask you to
provide Personal Information, such as:

·
Other personal
information as indicated (our forms indicate what information is required, and
what information is optional)

You
are under no obligation to provide us with this Personal Information. We use
your Personal Information to provide the Services and administer your
inquiries. You may change some of the information that you provide. Please
see “Changing or Deleting Your
Information” below for further information.

3. How
We Use Your Non-Medical Personal Information.

Some
of the Personal Information we collect from you is unrelated to your receipt of
counseling and therapy services through the Services. Examples of how we may use your Personal Information include, but are not limited to, the following:

·
Enable you to easily
navigate the Services

·
Resolve service and
billing problems via telephone or email

·
Troubleshoot technical
problems

·
Bill any amounts due from
you

·
Better understand users’
needs and interests

·
Personalize your
experience

·
Detect and protect us
against error, fraud, and other criminal activity

·
Enforce our Terms

·
Provide you with system
or administrative messages, and as otherwise described to you at the time of
collection

·
Provide you with further
information and offers from us that we believe you may find useful or interesting

If
you decide at any time that you no longer wish to receive certain communications
from us, please follow the unsubscribe instructions provided in any of the
communications or select the appropriate option in your user profile. (See “Changing or Deleting Your Information,”
below.) You cannot elect to unsubscribe some administrative communications, such as notification of new messages from your Treatment Providers. To stop receiving these communications, you will need to deactivate your account.

4. How
We Use Your Medical Personal Information (PHI).

We
are dedicated to maintaining the privacy and integrity of your protected health
information (“PHI”). PHI is
information about you that may be used to identify you (such as your name,
social security number, or address), and that relates to (a) your past,
present, or future physical or mental health or condition, (b) the provision of
health care to you, or (c) your past, present, or future payment for the
provision of health care. In providing the Services, we will receive and create records containing your PHI, and may use it to assist you in scheduling appointments, remind you of upcoming or follow-up appointments, inform you of canceled appointments, allow Treatment Providers to make appointments with other Treatment Providers on your behalf through the Services, bill amounts due for health care services provided by a Treatment Provider under the Services or the Site, develop and conduct surveys with you to assist in providing you better Services, conduct our management and administrative activities, and otherwise as stated in this Privacy Policy. We may also use your de-identified PHI to run (or authorize third parties to run) statistical research on individual or aggregate health or medical trends. Such research would only use your PHI in an anonymous manner that cannot be tied directly back to you. We are required by law to maintain the privacy and confidentiality of your PHI, and we operate the Services consistent with applicable federal and state laws governing health information privacy and security.

This
Privacy Policy describes how we protect your privacy as a general user of the
Services, not as a patient receiving mental health advice or consultation
through the Services from a Treatment Provider. If you are a patient receiving
mental health advice or consultations through the Services from a Treatment
Provider, you have other rights with respect to the access, use, and disclosure
of PHI. For a more complete description of a patient’s rights under HIPAA,
please refer to your Treatment Provider’s Notice of Privacy Practices, which
provides important information to you about how your PHI may be used and
disclosed.

5. Log
Data.

When
you visit the Services, our servers automatically record information that your
browser sends whenever you visit a website (“LogData”). This Log
Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, or the
webpage you were visiting before you came to our Services, pages of our website
and Services that you visit, the time spent on those pages, information you
search for on our Services, access times and dates, and other statistics. We
use this information to monitor and analyze use of the Services and for the
Services’ technical administration, to increase our Services’ functionality and
user-friendliness, and to better tailor it to our visitors’ needs. For
example, some of this information is collected so that when you visit the
Services again, it will recognize you and provide information appropriate to
your interests. We also use this information to verify that visitors to the
Services meet the criteria required to process their requests.

Generally,
our service automatically collects usage information, such as the numbers and
frequency of visitors to our site and its components, similar to TV ratings
that indicate how many people watched a particular show. Breakthrough only
uses these data in aggregate form, that is, as a statistical measure, and not
in a manner that would identify you personally. These type of aggregate data
enable us to figure out how often users use parts of the Site or the Services
so that we can improve the Services.

6. Cookies.

We
also use “cookies” to collect
information. A cookie is a small data file that we transfer to your computer’s
hard disk for record-keeping purposes. We use cookies for two purposes.
First, we may utilize persistent cookies to save your user credentials for future logins to the Services. Second, we may utilize session ID
cookies to enable certain features of the Services, to better understand how
you interact with the Services and to monitor aggregate usage by users of the
Services and web traffic routing on the Services. Unlike persistent cookies,
session cookies are deleted from your computer when you log off from the
Services and then close your browser. We may work with third parties that place or read cookies on your browser to improve your user experience.

You
can instruct your browser, by changing its options, to stop accepting cookies
or to prompt you before accepting a cookie from the websites you visit. If you
do not accept cookies, however, you may not be able to use all portions or all
functionality of the Services.

7. Web
Beacons.

We
may also occasionally use “webbeacons” (also known as “cleargifs,” “webbugs,” “1-pixel gifs,” etc.) that allow us to collect non-personal
information about your response to our email communications, and for other
purposes. Web beacons are tiny images, placed on a Web page or e-mail, that
can tell us if you have visited a particular area of the Services. For
example, if you have given us permission to send you emails, we may send you an
email urging you to use a certain feature of the Services. If you do respond
to that email and use that feature, the web beacon will tell us that our email
communication with you has been successful. We do not collect any PHI with a
web beacon, and do not link web beacons with any PHI you have given us.

Because
Web beacons are used in conjunction with persistent cookies (described above),
if you set your browser to decline or deactivate cookies, Web beacons cannot
function.

8. Emails.

We
may use a third-party vendor to help us manage some of our email communications
with you. While we may supply this vendor with email addresses of those we
wish them to contact, your email address is never used for any purpose other
than to communicate with you on our or your Treatment Provider's behalf. When you click on a link in an
email, you may temporarily be redirected through one of the vendor’s servers
(although this process will be invisible to you) which will register that you
have clicked on that link, and have visited our Services. We also often
receive a confirmation when you open an email from Breakthrough if your
computer supports this type of program. Breakthrough uses this confirmation to
help us make emails more useful to you.

Secure electronic messaging is always preferred to insecure email, but under specific circumstances, insecure email communication containing PHI may take place between you and Breakthrough.

For your convenience, Breakthrough lets you choose whether to receive email communications containing PHI. This email communication is not encrypted and may include messages from your Treatment Provider, appointment reminders, treatment referrals, and prescription information.

You should consider that standard email is not a secure means of communication. There is some risk that any PHI contained in email may be disclosed to, or intercepted, printed, or stored by, unauthorized third parties. Breakthrough cannot ensure the security or confidentiality of messages sent by email.

You will receive email communication from Breakthrough and Treatment Providers. If you choose to receive PHI in emails, you authorize Breakthrough to send you messages that include PHI, which may include disclosure of mental illness, substance abuse, and sexually transmitted disease. This authorization indicates you understand and accept the risks involved with insecure email communication of your PHI.

You may always elect not to receive message content containing PHI. In that case, you would instead receive secure notifications of new messages that require you to log in to Breakthrough’s secure site to read message content. We recommend this option if you want to increase the security and confidentiality of your communications on Breakthrough.

Even if you have requested us to send email containing PHI to you, you may revoke this request by changing this setting at any time on the user registration page, at the bottom of emails from Breakthrough, or in your account profile.

Even
if you have given us permission to send emails to you, you may revoke that
permission at any time by following the “unsubscribe” information at the bottom
of each such email.

9. Messages
and Transactions.

Comments
or questions sent to us using email or secure messaging forms will be shared
with our staff who are most able to address your concerns. We will archive
your messages once we have made our best effort to provide you with a complete
and satisfactory response. However, these communications will not become part
of your medical record (or other appropriate treatment record) unless and until you use the Services to obtain mental health advice
or a consultation from a Treatment Provider.

When
you use a service on the secure section of the Services to interact directly
with Treatment Providers, some information you provide may be documented in
your medical record or other appropriate treatment record, and available for
use to guide your treatment as a patient.

10. Information
Sharing and Disclosure

We
will not rent, sell, or share Personal Information about you with other people
or non-affiliated companies except to provide the Services, when we otherwise
have your permission, or under the following circumstances:

·
Treatment Providers.
When you use the Site to access mental health services, you will be sharing your Personal Information with a Treatment Provider via the Services. By using the Services, you expressly consent to sharing your Personal Information with your Treatment Provider, and you understand that all information shared with your Treatment Provider is subject to your Treatment Provider’s professional and legal duties of confidentiality and responsibility, which Breakthrough does not control. To increase coordination of care and reduce overhead for you, you authorize the sharing of this information with other Treatment Providers on Breakthrough who you elect to contact.

·
Group Sessions.
If you enter a group session, any information you provide during the session, which could include posts, video, and audio, will be shared with the other group participants.

·
User Profiles. User profile information, including your name, location, and other information you enter in your profile, may be displayed to your Treatment Providers to facilitate user interaction with the Site.

·
Communications in Response to User Submissions. As part of the Site and the Services, you
may receive from Breakthrough and other users email and other communications
relating to your requests, mental health services, and other transactions.
When you transmit information relating to your mental health services needs,
Breakthrough and the Treatment Providers you select may send you emails and
other communications that they determine in their sole discretion relate to
your mental health services needs.

·
Aggregate Information and Non-Identifying Information. We may share aggregated information that
does not include Personal Information and we may otherwise disclose
non-identifying Information and Log Data with third parties for industry
analysis, demographic profiling, and other purposes. Any aggregated information
shared in these contexts will not contain your Personal Information.

·
Service Providers.
We may employ third-party companies and individuals to process your payments,
facilitate our Services, to provide the Services on our behalf, to perform Services-related
services (including, without limitation, maintenance services, database
management, web analytics and improvement of the Services’ features), or to
assist us in analyzing how our Services are used. These third parties have
access to your Personal Information only to perform these tasks on our behalf
and are obligated not to disclose or use it for any other purpose.

·
Compliance with Laws and Law Enforcement. We cooperate with government and law
enforcement officials and private parties to enforce and comply with the law.
We will disclose any information about you to government or law enforcement
officials or private parties as we, in our sole discretion, believe necessary
or appropriate to respond to claims and legal process (including but not
limited to subpoenas), to protect the property and rights of Breakthrough or a
third party, to protect the safety of the public or any person, or to prevent
or stop activity we may consider to be, or to pose a risk of being, any
illegal, unethical or legally actionable activity. This includes, without limitation,
exchanging information with Treatment Providers and law enforcement in response
to Treatment Providers’ professional and legal responsibilities.

·
Business Transfers.
We may sell, transfer or otherwise share some or all of our assets, including your
Personal Information, in connection with a merger, acquisition, reorganization
or sale of assets, or in the event of bankruptcy.

PLEASE NOTE THAT ANY INFORMATION,
TEXT AND IMAGES THAT YOU POST OR DISCLOSE ON OR THROUGH PUBLIC PORTIONS OF THE
SITE, OR ANY OTHER PUBLIC FORUMS, BECOMES PUBLIC INFORMATION AND MAY BE
AVAILABLE TO VISITORS TO THE SITE AND/OR SEARCHABLE VIA THE INTERNET. Information
regarding your activities in such Services may also be available for view by
other users (for example, other users may be able to view a list of all
postings you have made in all available forums). We urge you to exercise
discretion and caution when deciding to disclose your Personal Information through
a forum or otherwise through the Site. BREAKTHROUGH IS NOT RESPONSIBLE FOR THE
USE OF ANY PERSONAL INFORMATION YOU VOLUNTARILY DISCLOSE THROUGH A FORUM OR
OTHERWISE THROUGH THE SITE OR THE SERVICES.

11. Changing
or Deleting Your Information.

You may review, update, correct or delete some portions of your Personal Information in your registration profile by making the appropriate modifications in your user account settings or by contacting us at network@breakthrough.com. Some Personal Information, such as your answers to online assessments, may not be updateable or deleted once submitted. If you delete certain information required to receive Services, such as a credit card on file, then you may no longer be able to receive Services and your account may be deactivated. If you would like us to remove your records from our system, please contact us and we will attempt to accommodate your request if we do not have any legal obligation to retain the records.

Please note that we may need to retain certain information for recordkeeping purposes, and there may also be residual information that will remain within our databases and other records, which, irrespective of any efforts by us to delete information, will not be removed from them. We also reserve the right, from time to time, to re-contact former users of the Site. Finally, we are not responsible for removing information from the databases of third parties with whom we have already shared Personal Information about you.

12. Security.

We employ administrative, physical, and technical measures designed to safeguard and protect information under our control from unauthorized access, use, and disclosure. Except for appointment reminders, treatment referrals and prescription information, these measures include encrypting your communications by utilizing Secure Sockets Layer (“SSL”) software, and using a secured messaging service when we send your Personal Information electronically. In addition, when we collect, maintain, access, use, or disclose your Personal Information, we will do so using systems and processes consistent with information privacy and security requirements under applicable federal and state laws, including, without limitation, HIPAA. Except when you have requested us to send emails to you outside of the secure section of our Services and the Site, all electronic PHI will be encrypted when we store it or transmit it, and we will use secure servers that we will back up regularly.

We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your Personal Information, including, without limitation, breaches of your unencrypted electronically stored “personal information” (including but not limited to PHI or “medical information” (as defined in applicable state statutes on security breach notification)). To the extent permitted by applicable laws, we will make such disclosures to you via email or conspicuous posting on the Services in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Services by Internet or email, or any electronic storage system, cannot be guaranteed. As a result, although we strive to protect your Personal Information, we cannot ensure or warrant the security of any information you transmit to us through or in connection with the Site or that is stored by us. You acknowledge and agree that any information you transmit through the Site or upload for storage in connection with the Site is so transmitted or stored at your own risk. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Account you might have with us has been compromised), you must immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below (note that if you choose to notify us via physical mail, this will delay the time it takes for us to respond to the problem). In addition, if you have privacy or data security related questions, please feel free to contact the office identified at the end of this document.

13. Our
Employees.

Every
one of our employees, whose job might allow them
to come into contact with your Personal Information has completed HIPAA
training and job-specific training on how to protect and respect your Personal
Information, including your PHI. We have clear policies in place in the event
of a privacy or security concern regarding your Personal Information, so we can
react quickly and resolve the issue appropriately. We will limit access to
your Personal Information to personnel who have a need to know it for purposes
of delivering our Services. All of our personnel must comply with our
restrictions on access, use, and disclosure of PHI or face disciplinary action,
up to and including termination.

14. International
Transfer.

Your
information may be transferred to — and maintained on — computers
located outside of your state, province, country or other governmental
jurisdiction where the privacy laws may not be as protective as those in your
jurisdiction. If you are located outside the United States and choose to provide
information to us, we may transfer your Personal Information to the United
States and process it there. Your submission of such information represents
your agreement to that transfer.

15. Links
to Other Sites.

We may offer you the opportunity to access third-party content,
services, or products by linking to a third party’s website. If you choose to
visit an advertiser by “clicking on” a banner ad or other type of
advertisement, or click on another third party link, you will be directed to that
third party’s website. The fact that we may link to a website or present a
banner ad or other type of advertisement is not an endorsement, authorization,
or representation of our affiliation with that third party, nor is it an
endorsement of their privacy or information security policies or practices. We
do not exercise control over third-party websites. These other websites may
place their own cookies or other files on your computer, collect data or
solicit personal information from you. Other services follow different rules
regarding the use or disclosure of the Personal Information you submit to them.
Our Privacy Policy only applies to the Services and we are not responsible for
the privacy practices or the content of other websites. You should check the
privacy policies of those sites before providing your Personal Information to
them.

16. Children.

The
Services are not directed to children. We do not knowingly allow or solicit
anyone under the age of 13 to participate independently in any of the Services.
We do not knowingly collect personally identifiable information from children,
except in the context of a Treatment Provider’s mental health consultation through
the Services when a parent is present and has consented to treatment. If a
parent or guardian becomes aware that his or her child has provided us with
Personal Information without their consent, please contact us at network@breakthrough.com. Access to the
Services for dependents (children over the age of 3 or a spouse or domestic
partner) is only permitted through the primary account holder’s username and
password. Minors are not allowed to use the Services without parental consent
and assistance. If we become aware that a user of the Services is under the
age of 13 and has provided us with Personal Information without verifiable
parental consent, we may delete such information from our files and may deactivate the related account.

17. Agreement
and Changes.

By
using the Services, you agree to the current Privacy Policy and our Terms, into
which this Privacy Policy is incorporated. We reserve the right, in our sole
discretion, to modify, discontinue, or terminate the Services or to modify this
Privacy Policy at any time. If we modify this Privacy Policy, we will notify
you of such changes by posting them on the Services or providing you with
notice of the modification. We will also indicate when such terms are
effective below. By continuing to access or use the Services after we have
posted a modification or have provided you with notice of a modification, you
are indicating that you agree to be bound by the modified Privacy Policy. If
the modified Privacy Policy is not acceptable to you, your only recourse is to
cease using the Services.

18.Contacting Us.

We
encourage you to contact us at network@breakthrough.com if you have any questions concerning our
Privacy Policy or if you have any questions or concerns about our access, use,
or disclosure of your Personal Information. Please note that email
communications will not necessarily be secure; accordingly, you should not
include credit card information, PHI, or other sensitive information in your email
correspondence with us. If you would like to contact us via physical mail, our mailing address is: Breakthrough, 702 Marshall St., Suite #510, Redwood City, CA 94063, Attention: Security Officer.

If you are in crisis, call the National Suicide Prevention Lifeline, a free, 24-hour hotline, at 1.800.273.8255. If your issue is an emergency, call 911 or go to your nearest emergency room. Breakthrough does not offer crisis counseling or emergency services.